Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• chore(deps): update dependency astral-sh/uv to v0.10.9
• chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.30
• chore(deps): update pre-commit hook astral-sh/uv-pre-commit to v0.10.9
• chore(deps): update aquasecurity/trivy-action action to v0.35.0
• chore(deps): update python docker tag to v3.14
• 🔐 Create all pending approval PRs at once 🔐

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• chore(deps): lock file maintenance

---

Warning

Renovate failed to look up the following dependencies: Failed to look up docker package ghrc.io/astral-uv/uv.

Files affected: .gitlab/workflows/rhiza_release.yml

---

Detected Dependencies

devcontainer (1)

.devcontainer/devcontainer.json (5)

• mcr.microsoft.com/devcontainers/python 3.14
• ghcr.io/devcontainers/features/github-cli 1
• ghcr.io/devcontainers/features/copilot-cli 1
• ghcr.io/devcontainers/features/node 1
• ghcr.io/devcontainers/features/docker-in-docker 2

dockerfile (1)

docker/Dockerfile (2)

• ghcr.io/astral-sh/uv 0.9.24-python3.12-bookworm-slim → [Updates: 0.9.30-python3.12-bookworm-slim]
• python 3.12-slim → [Updates: 3.14-slim]

github-actions (16)

.github/workflows/copilot-setup-steps.yml (3)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

.github/workflows/renovate_rhiza_sync.yml (2)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1

.github/workflows/rhiza_benchmarks.yml (5)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• actions/upload-artifact v7.0.0
• benchmark-action/github-action-benchmark v1
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

.github/workflows/rhiza_book.yml (6)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• actions/upload-artifact v7.0.0
• actions/upload-pages-artifact v4.0.0
• actions/deploy-pages v4.0.5
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

.github/workflows/rhiza_ci.yml (9)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

.github/workflows/rhiza_codeql.yml (3)

• actions/checkout v6.0.2
• github/codeql-action v4.32.6
• github/codeql-action v4.32.6

.github/workflows/rhiza_deptry.yml (2)

• actions/checkout v6.0.2
• ghcr.io/astral-sh/uv 0.9.30-bookworm

.github/workflows/rhiza_devcontainer.yml (3)

• actions/checkout v6.0.2
• docker/login-action v4.0.0
• devcontainers/ci v0.3

.github/workflows/rhiza_docker.yml (6)

• actions/checkout v6.0.2
• hadolint/hadolint-action v3.3.0
• docker/setup-buildx-action v4.0.0
• aquasecurity/trivy-action 0.34.2 → [Updates: 0.35.0]
• github/codeql-action v4
• actions/upload-artifact v7.0.0

.github/workflows/rhiza_gh-aw-validate.yml (1)

• actions/checkout v6

.github/workflows/rhiza_marimo.yml (4)

• actions/checkout v6.0.2
• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

.github/workflows/rhiza_pre-commit.yml (2)

• actions/checkout v6.0.2
• actions/cache v5

.github/workflows/rhiza_release.yml (21)

• actions/checkout v6.0.2
• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• actions/setup-python v6.2.0
• actions/attest-sbom v4
• actions/upload-artifact v7.0.0
• actions/attest-build-provenance v4
• actions/upload-artifact v7.0.0
• actions/download-artifact v8.0.0
• softprops/action-gh-release v2.5.0
• actions/checkout v6.0.2
• actions/download-artifact v8.0.0
• actions/checkout v6.0.2
• docker/login-action v4.0.0
• devcontainers/ci v0.3
• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• actions/setup-python v6.2.0
• softprops/action-gh-release v2.5.0
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

.github/workflows/rhiza_security.yml (2)

• actions/checkout v6.0.2
• ghcr.io/astral-sh/uv 0.9.30-bookworm

.github/workflows/rhiza_sync.yml (3)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• peter-evans/create-pull-request v8.1.0

.github/workflows/rhiza_validate.yml (3)

• actions/checkout v6.0.2
• astral-sh/setup-uv v7.3.1
• astral-sh/uv 0.10.8 → [Updates: 0.10.9]

gitlabci (8)

.gitlab-ci.yml (1)

• ghcr.io/astral-sh/uv 0.9.30-bookworm

.gitlab/workflows/rhiza_book.yml (1)

• ghcr.io/astral-sh/uv 0.9.30-bookworm

.gitlab/workflows/rhiza_ci.yml (2)

• ghcr.io/astral-sh/uv 0.9.30-bookworm
• ghcr.io/astral-sh/uv 0.9.30-bookworm

.gitlab/workflows/rhiza_deptry.yml (1)

• ghcr.io/astral-sh/uv 0.9.30-bookworm

.gitlab/workflows/rhiza_pre-commit.yml (1)

• ghcr.io/astral-sh/uv 0.9.30-bookworm

.gitlab/workflows/rhiza_release.yml (2)

• ghcr.io/astral-sh/uv 0.9.30-bookworm
• ghrc.io/astral-uv/uv 0.9.28-bookworm

.gitlab/workflows/rhiza_sync.yml (1)

• ghcr.io/astral-sh/uv 0.9.30-bookworm

.gitlab/workflows/rhiza_validate.yml (1)

• ghcr.io/astral-sh/uv 0.9.30-bookworm

pep621 (1)

pyproject.toml (5)

• marimo >=0.18.0,<1.0
• numpy >=2.4.0,<3.0
• plotly >=6.5.0,<7.0
• pandas >=3,<3.1
• pyyaml >=6.0,<7.0

pre-commit (1)

.pre-commit-config.yaml (9)

• pre-commit/pre-commit-hooks v6.0.0
• astral-sh/ruff-pre-commit v0.15.5
• igorshubovych/markdownlint-cli v0.48.0
• python-jsonschema/check-jsonschema 0.37.0
• rhysd/actionlint v1.7.11
• abravalheri/validate-pyproject v0.25
• PyCQA/bandit 1.9.4
• astral-sh/uv-pre-commit 0.10.8 → [Updates: 0.10.9]
• Jebel-Quant/rhiza-hooks v0.3.0

---

• Check this box to trigger a request for Renovate to run again on this repository